If you attempt to login to Vault and receive any error that references "public key" then you need to add permissions to the Microsoft Machine Keys folder.

1. Determine which account is being used by the Vault Service. The system started message in the Vault Server Log file will contain a line stating "Identity = USER", where user is ASPNET, SYSTEM, NETWORK SERVICE, IIS APPPool, ApplicationPoolIdentity, or the user that is being impersonated.

2. On the Vault server, go to the %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys folder. Make sure that the user specified above has read / write / modify permissions to the MachineKeys folder.

On new operating systems look for this directory: C:\ProgramData\Microsoft\Crypto\RSA

3. If the problem persists after adding these permissions, stop IIS, and find a file that starts with "edb3...." in the directory mentioned earlier. Delete it, and then restart IIS. Then try to log into Vault.